Risk-based assessment of the surety of information systems [electronic resource].
- Washington, D.C. : United States. Dept. of Energy, 1995.
Oak Ridge, Tenn. : Distributed by the Office of Scientific and Technical Information, U.S. Dept. of Energy.
- Physical Description:
- 11 pages : digital, PDF file
- Additional Creators:
- Sandia National Laboratories, United States. Department of Energy, and United States. Department of Energy. Office of Scientific and Technical Information
- Restrictions on Access:
- Free-to-read Unrestricted online access
- Correct operation of an information system requires a balance of ``surety`` domains -- access control (confidentiality), integrity, utility, availability, and safety. However, traditional approaches provide little help on how to systematically analyze and balance the combined impact of surety requirements on a system. The key to achieving information system surety is identifying, prioritizing, and mitigating the sources of risk that may lead to system failure. Consequently, the authors propose a risk assessment methodology that provides a framework to guide the analyst in identifying and prioritizing sources of risk and selecting mitigation techniques. The framework leads the analyst to develop a risk-based system model for balancing the surety requirements and quantifying the effectiveness and combined impact of the mitigation techniques. Such a model allows the information system designer to make informed trade-offs based on the most effective risk-reduction measures.
- Report Numbers:
- E 1.99:sand--95-0305c
E 1.99: conf-9503111--1
- Other Subject(s):
- Published through SciTech Connect.
Toward an electronic patient record `95, Orlando, FL (United States), 14-19 Mar 1995.
Murphy, M.; Lim, J.; Fletcher, S.; Jansma, R.; Halbgewachs, R.; Sands, P.; Wyss, G.
- Funding Information:
View MARC record | catkey: 14354238